From: Cy Schubert
Date: Tue, 9 Aug 2022 13:31:53 GMT
Message-Id: <202208091331.279DVrtU003219@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject: git: d4ed4b457f2e - stable/12 - unbound: Vendor import 1.16.1
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: cy
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/12
X-Git-Reftype: branch
X-Git-Commit: d4ed4b457f2e1252994b1400acbbf9403ab674ce

The branch stable/12 has been updated by cy:

URL: https://cgit.FreeBSD.org/src/commit/?id=d4ed4b457f2e1252994b1400acbbf9403ab674ce

commit
d4ed4b457f2e1252994b1400acbbf9403ab674ce
Author:     Cy Schubert
AuthorDate: 2022-07-13 19:30:14 +0000
Commit:     Cy Schubert
CommitDate: 2022-08-09 13:31:19 +0000

    unbound: Vendor import 1.16.1

    Merge commit 'd57351465531b38689892ec862de2725b52842dd' into unbound/main2

    (cherry picked from commit 0a92a9fca737edafbad03ee5a8efebe302851cff)
---
contrib/unbound/Makefile.in | 12 +- contrib/unbound/config.h.in | 4 + contrib/unbound/configure | 109 ++++- contrib/unbound/configure.ac | 11 +- contrib/unbound/contrib/metrics.awk | 1 + contrib/unbound/contrib/unbound_munin_ | 3 +- contrib/unbound/daemon/daemon.c | 2 +- contrib/unbound/daemon/remote.c | 2 + contrib/unbound/daemon/stats.c | 2 + contrib/unbound/daemon/worker.c | 24 +- contrib/unbound/doc/Changelog | 80 ++- contrib/unbound/doc/README | 2 +- contrib/unbound/doc/example.conf.in | 6 +- contrib/unbound/doc/libunbound.3.in | 4 +- contrib/unbound/doc/unbound-anchor.8.in | 2 +- contrib/unbound/doc/unbound-checkconf.8.in | 2 +- contrib/unbound/doc/unbound-control.8.in | 6 +- contrib/unbound/doc/unbound-host.1.in | 2 +- contrib/unbound/doc/unbound.8.in | 6 +- contrib/unbound/doc/unbound.conf.5.in | 10 +- contrib/unbound/edns-subnet/subnetmod.c | 49 +- contrib/unbound/edns-subnet/subnetmod.h | 5 +- contrib/unbound/iterator/iter_delegpt.c | 21 +- contrib/unbound/iterator/iter_delegpt.h | 3 +- contrib/unbound/iterator/iter_utils.c | 6 +- contrib/unbound/iterator/iterator.c | 204 ++++++-- contrib/unbound/iterator/iterator.h | 29 +- contrib/unbound/libunbound/unbound.h | 2 + contrib/unbound/services/authzone.c | 4 +- contrib/unbound/services/mesh.c | 3 +- contrib/unbound/services/outside_network.c | 12 +- contrib/unbound/services/outside_network.h | 2 + contrib/unbound/sldns/parse.c | 55 ++- contrib/unbound/smallapp/unbound-control.c | 2 + contrib/unbound/testcode/readzone.c | 158 ------ contrib/unbound/testcode/unittcpreuse.c | 236 --------- contrib/unbound/testcode/unitzonemd.c | 537 ---------------------
contrib/unbound/testdata/auth_zonemd_anchor.rpl | 234 --------- .../unbound/testdata/auth_zonemd_anchor_fail.rpl | 236 --------- contrib/unbound/testdata/auth_zonemd_chain.rpl | 234 --------- .../unbound/testdata/auth_zonemd_chain_fail.rpl | 236 --------- contrib/unbound/testdata/auth_zonemd_file.rpl | 183 ------- contrib/unbound/testdata/auth_zonemd_file_fail.rpl | 185 ------- .../unbound/testdata/auth_zonemd_file_unknown.rpl | 184 ------- contrib/unbound/testdata/auth_zonemd_insecure.rpl | 215 --------- .../testdata/auth_zonemd_insecure_absent.rpl | 217 --------- .../auth_zonemd_insecure_absent_reject.rpl | 218 --------- .../unbound/testdata/auth_zonemd_insecure_fail.rpl | 218 --------- contrib/unbound/testdata/auth_zonemd_nokey.rpl | 212 -------- .../testdata/auth_zonemd_permissive_mode.rpl | 187 ------- contrib/unbound/testdata/auth_zonemd_xfr.rpl | 238 --------- .../unbound/testdata/auth_zonemd_xfr_anchor.rpl | 285 ----------- .../testdata/auth_zonemd_xfr_anchor_fail.rpl | 266 ---------- contrib/unbound/testdata/auth_zonemd_xfr_chain.rpl | 310 ------------ .../testdata/auth_zonemd_xfr_chain_fail.rpl | 321 ------------ .../testdata/auth_zonemd_xfr_chain_keyinxfr.rpl | 315 ------------ contrib/unbound/testdata/auth_zonemd_xfr_fail.rpl | 241 --------- contrib/unbound/testdata/ede.tdir/bogus/clean.sh | 1 - .../testdata/ede.tdir/bogus/dnskey-failures.test | 10 - .../testdata/ede.tdir/bogus/dnssec-failures.test | 15 - .../testdata/ede.tdir/bogus/make-broken-zone.sh | 67 --- .../testdata/ede.tdir/bogus/nsec-failures.test | 10 - .../testdata/ede.tdir/bogus/rrsig-failures.test | 10 - contrib/unbound/testdata/ede.tdir/ede-auth.conf | 27 -- contrib/unbound/testdata/ede.tdir/ede.conf | 49 -- contrib/unbound/testdata/ede.tdir/ede.dsc | 16 - contrib/unbound/testdata/ede.tdir/ede.post | 10 - contrib/unbound/testdata/ede.tdir/ede.pre | 37 -- contrib/unbound/testdata/ede.tdir/ede.test | 72 --- contrib/unbound/testdata/ede_acl_refused.rpl | 35 -- 
.../unbound/testdata/ede_cache_snoop_noth_auth.rpl | 33 -- .../testdata/ede_localzone_dname_expansion.rpl | 37 -- .../testdata/edns_attached_once_per_upstream.rpl | 90 ---- contrib/unbound/testdata/fwd_error_retries.rpl | 27 -- .../fwd_udp_with_tcp_upstream.conf | 20 - .../fwd_udp_with_tcp_upstream.dsc | 16 - .../fwd_udp_with_tcp_upstream.post | 10 - .../fwd_udp_with_tcp_upstream.pre | 31 -- .../fwd_udp_with_tcp_upstream.test | 35 -- .../fwd_udp_with_tcp_upstream.testns | 25 - .../127.0.0.1/example.com.zone | 3 - .../http_user_agent.tdir/http_user_agent.conf | 24 - .../http_user_agent.tdir/http_user_agent.dsc | 16 - .../http_user_agent.tdir/http_user_agent.post | 11 - .../http_user_agent.tdir/http_user_agent.pre | 37 -- .../http_user_agent.tdir/http_user_agent.test | 103 ---- .../testdata/http_user_agent.tdir/petal.key | 21 - .../testdata/http_user_agent.tdir/petal.pem | 14 - .../http_user_agent.tdir/unbound_control.key | 39 -- .../http_user_agent.tdir/unbound_control.pem | 22 - .../http_user_agent.tdir/unbound_server.key | 39 -- .../http_user_agent.tdir/unbound_server.pem | 22 - contrib/unbound/testdata/ipset.tdir/ipset.conf | 23 - contrib/unbound/testdata/ipset.tdir/ipset.dsc | 16 - contrib/unbound/testdata/ipset.tdir/ipset.post | 14 - contrib/unbound/testdata/ipset.tdir/ipset.pre | 33 -- contrib/unbound/testdata/ipset.tdir/ipset.test | 155 ------ contrib/unbound/testdata/ipset.tdir/ipset.testns | 103 ---- contrib/unbound/testdata/iter_cname_minimise.rpl | 179 ------- contrib/unbound/testdata/iter_dp_ip6useless.rpl | 168 ------- contrib/unbound/testdata/nsid_bogus.rpl | 175 ------- .../unbound/testdata/ratelimit.tdir/ratelimit.conf | 29 -- .../unbound/testdata/ratelimit.tdir/ratelimit.dsc | 16 - .../unbound/testdata/ratelimit.tdir/ratelimit.post | 14 - .../unbound/testdata/ratelimit.tdir/ratelimit.pre | 33 -- .../unbound/testdata/ratelimit.tdir/ratelimit.test | 183 ------- .../testdata/ratelimit.tdir/ratelimit.testns | 13 - 
.../testdata/ratelimit.tdir/unbound_control.key | 39 -- .../testdata/ratelimit.tdir/unbound_control.pem | 22 - .../testdata/ratelimit.tdir/unbound_server.key | 39 -- .../testdata/ratelimit.tdir/unbound_server.pem | 22 - contrib/unbound/testdata/rpz_clientip.rpl | 264 ---------- contrib/unbound/testdata/rpz_nsdname.rpl | 390 --------------- contrib/unbound/testdata/rpz_nsip.rpl | 408 ---------------- contrib/unbound/testdata/rpz_passthru.rpl | 154 ------ contrib/unbound/testdata/rpz_qname_tcponly.rpl | 117 ----- contrib/unbound/testdata/rpz_respip_tcponly.rpl | 207 -------- contrib/unbound/testdata/rpz_rootwc.rpl | 162 ------- .../unbound/testdata/rpz_signal_nxdomain_ra.rpl | 254 ---------- .../stub_udp_with_tcp_upstream.conf | 19 - .../stub_udp_with_tcp_upstream.dsc | 16 - .../stub_udp_with_tcp_upstream.post | 10 - .../stub_udp_with_tcp_upstream.pre | 35 -- .../stub_udp_with_tcp_upstream.test | 37 -- .../stub_udp_with_tcp_upstream.testns | 48 -- contrib/unbound/testdata/subnet_prefetch.crpl | 215 --------- .../testdata/subnet_prefetch_with_client_ecs.crpl | 221 --------- .../testdata/svcb.tdir/crypto.cloudflare.com.zone | 9 - contrib/unbound/testdata/svcb.tdir/svcb.dsc | 16 - .../testdata/svcb.tdir/svcb.failure-cases-01 | 9 - .../testdata/svcb.tdir/svcb.failure-cases-02 | 8 - .../testdata/svcb.tdir/svcb.failure-cases-03 | 8 - .../testdata/svcb.tdir/svcb.failure-cases-04 | 8 - .../testdata/svcb.tdir/svcb.success-cases.zone | 47 -- .../testdata/svcb.tdir/svcb.success-cases.zone.cmp | 10 - contrib/unbound/testdata/svcb.tdir/svcb.test | 97 ---- .../testdata/svcb.tdir/svcb.test-vectors-pf.zone | 92 ---- .../testdata/svcb.tdir/svcb.test-vectors-wf.zone | 232 --------- contrib/unbound/testdata/zonemd.example1.zone | 4 - contrib/unbound/testdata/zonemd.example10.zone | 35 -- contrib/unbound/testdata/zonemd.example11.zone | 33 -- contrib/unbound/testdata/zonemd.example12.zone | 35 -- contrib/unbound/testdata/zonemd.example13.zone | 33 -- 
contrib/unbound/testdata/zonemd.example14.zone | 35 -- contrib/unbound/testdata/zonemd.example15.zone | 35 -- contrib/unbound/testdata/zonemd.example16.zone | 11 - contrib/unbound/testdata/zonemd.example17.zone | 11 - contrib/unbound/testdata/zonemd.example2.zone | 15 - contrib/unbound/testdata/zonemd.example3.zone | 34 -- contrib/unbound/testdata/zonemd.example4.zone | 36 -- contrib/unbound/testdata/zonemd.example5.zone | 34 -- contrib/unbound/testdata/zonemd.example6.zone | 36 -- contrib/unbound/testdata/zonemd.example7.zone | 31 -- contrib/unbound/testdata/zonemd.example8.zone | 34 -- contrib/unbound/testdata/zonemd.example9.zone | 35 -- contrib/unbound/testdata/zonemd.example_a1.zone | 6 - contrib/unbound/testdata/zonemd.example_a2.zone | 25 - contrib/unbound/testdata/zonemd.example_a3.zone | 30 -- contrib/unbound/testdata/zonemd.example_a4.zone | 127 ----- contrib/unbound/testdata/zonemd.example_a5.zone | 48 -- .../testdata/zonemd_reload.tdir/zonemd_reload.conf | 23 - .../testdata/zonemd_reload.tdir/zonemd_reload.dsc | 16 - .../testdata/zonemd_reload.tdir/zonemd_reload.post | 14 - .../testdata/zonemd_reload.tdir/zonemd_reload.pre | 35 -- .../testdata/zonemd_reload.tdir/zonemd_reload.test | 74 --- .../zonemd_reload.tdir/zonemd_reload.testns | 27 -- .../testdata/zonemd_reload.tdir/zonemd_reload.zone | 8 - contrib/unbound/util/iana_ports.inc | 9 + contrib/unbound/util/net_help.c | 10 +- contrib/unbound/validator/val_secalgo.c | 127 +++-- contrib/unbound/validator/val_sigcrypt.c | 148 +++--- contrib/unbound/validator/val_utils.c | 2 +- 172 files changed, 728 insertions(+), 12244 deletions(-) diff --git a/contrib/unbound/Makefile.in b/contrib/unbound/Makefile.in index 7dbe5760033b..3189731ad52f 100644 --- a/contrib/unbound/Makefile.in +++ b/contrib/unbound/Makefile.in 
@@ -345,14 +345,12 @@ test: unittest$(EXEEXT) testbound$(EXEEXT) ./unittest$(EXEEXT) ./testbound$(EXEEXT) -s for x in $(srcdir)/testdata/*.rpl; do \ - printf "%s" "$$x "; \ - if ./testbound$(EXEEXT) -p $$x >/dev/null 2>&1; then \ - echo OK; \ + output=`./testbound$(EXEEXT) -p $$x -o -vvvvv 2>&1`; \ + if test $$? -eq 0; then \ + printf "%s OK\n" "$$x "; \ else \ - echo failed; \ - ./testbound$(EXEEXT) -p $$x -o -vvvvv; \ - printf "%s" "$$x "; \ - echo failed; \ + printf "%s\n" "$$output "; \ + printf "%s failed\n" "$$x "; \ exit 1; \ fi; \ done diff --git a/contrib/unbound/config.h.in b/contrib/unbound/config.h.in index a080dde0da2e..cc1fbe864818 100644 --- a/contrib/unbound/config.h.in +++ b/contrib/unbound/config.h.in @@ -222,6 +222,10 @@ /* Define to 1 if you have the `EVP_cleanup' function. */ #undef HAVE_EVP_CLEANUP +/* Define to 1 if you have the `EVP_default_properties_is_fips_enabled' + function. */ +#undef HAVE_EVP_DEFAULT_PROPERTIES_IS_FIPS_ENABLED + /* Define to 1 if you have the `EVP_DigestVerify' function. */ #undef HAVE_EVP_DIGESTVERIFY diff --git a/contrib/unbound/configure b/contrib/unbound/configure index a9ec94479b55..0029d5b42782 100755 --- a/contrib/unbound/configure +++ b/contrib/unbound/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.16.0. +# Generated by GNU Autoconf 2.69 for unbound 1.16.1. # # Report bugs to . # @@ -591,8 +591,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.16.0' -PACKAGE_STRING='unbound 1.16.0' +PACKAGE_VERSION='1.16.1' +PACKAGE_STRING='unbound 1.16.1' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues' PACKAGE_URL='' 
@@ -1477,7 +1477,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.16.0 to adapt to many kinds of systems. +\`configure' configures unbound 1.16.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1543,7 +1543,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.16.0:";; + short | recursive ) echo "Configuration of unbound 1.16.1:";; esac cat <<\_ACEOF @@ -1785,7 +1785,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.16.0 +unbound configure 1.16.1 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2494,7 +2494,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.16.0, which was +It was created by unbound $as_me 1.16.1, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2846,11 +2846,11 @@ UNBOUND_VERSION_MAJOR=1 UNBOUND_VERSION_MINOR=16 -UNBOUND_VERSION_MICRO=0 +UNBOUND_VERSION_MICRO=1 LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=16 +LIBUNBOUND_REVISION=17 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -2934,6 +2934,7 @@ LIBUNBOUND_AGE=1 # 1.14.0 had 9:14:1 # 1.15.0 had 9:15:1 # 1.16.0 had 9:16:1 +# 1.16.1 had 9:17:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary 
@@ -18545,7 +18546,7 @@ fi done -for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new BIO_set_callback_ex +for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_default_properties_is_fips_enabled EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new BIO_set_callback_ex do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" 
@@ -19967,7 +19968,46 @@ if test x_$enable_static_exe = x_yes; then else LIBS="$LIBS -lgdi32" fi - LIBS="$LIBS -lz" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for compress in -lz" >&5 +$as_echo_n "checking for compress in -lz... " >&6; } +if ${ac_cv_lib_z_compress+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lz $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char compress (); +int +main () +{ +return compress (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_z_compress=yes +else + ac_cv_lib_z_compress=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_compress" >&5 +$as_echo "$ac_cv_lib_z_compress" >&6; } +if test "x$ac_cv_lib_z_compress" = xyes; then : + LIBS="$LIBS -lz" +fi + LIBS="$LIBS -l:libssp.a" fi fi 
@@ -19987,7 +20027,46 @@ if test x_$enable_fully_static = x_yes; then else LIBS="$LIBS -lgdi32" fi - LIBS="$LIBS -lz" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for compress in -lz" >&5 +$as_echo_n "checking for compress in -lz... " >&6; } +if ${ac_cv_lib_z_compress+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lz $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char compress (); +int +main () +{ +return compress (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_z_compress=yes +else + ac_cv_lib_z_compress=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_compress" >&5 +$as_echo "$ac_cv_lib_z_compress" >&6; } +if test "x$ac_cv_lib_z_compress" = xyes; then : + LIBS="$LIBS -lz" +fi + LIBS="$LIBS -l:libssp.a" fi fi @@ -21934,7 +22013,7 @@ _ACEOF -version=1.16.0 +version=1.16.1 date=`date +'%b %e, %Y'` @@ -22453,7 +22532,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.16.0, which was +This file was extended by unbound $as_me 1.16.1, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -22519,7 +22598,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -unbound config.status 1.16.0 +unbound config.status 1.16.1 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/contrib/unbound/configure.ac b/contrib/unbound/configure.ac index 1453b3a2fe29..e41c811ae826 100644 --- a/contrib/unbound/configure.ac +++ b/contrib/unbound/configure.ac @@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) m4_define([VERSION_MINOR],[16]) -m4_define([VERSION_MICRO],[0]) +m4_define([VERSION_MICRO],[1]) AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound]) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=16 +LIBUNBOUND_REVISION=17 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -102,6 +102,7 @@ LIBUNBOUND_AGE=1 # 1.14.0 had 9:14:1 # 1.15.0 had 9:15:1 # 1.16.0 had 9:16:1 +# 1.16.1 had 9:17:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary 
@@ -906,7 +907,7 @@ else AC_MSG_RESULT([no]) fi AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h openssl/core_names.h openssl/param_build.h],,, [AC_INCLUDES_DEFAULT]) -AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new BIO_set_callback_ex]) +AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_default_properties_is_fips_enabled EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new BIO_set_callback_ex]) # these check_funcs need -lssl BAKLIBS="$LIBS" @@ -1499,7 +1500,7 @@ if test x_$enable_static_exe = x_yes; then else LIBS="$LIBS -lgdi32" fi - LIBS="$LIBS -lz" + AC_CHECK_LIB([z], [compress], [ LIBS="$LIBS -lz" ]) LIBS="$LIBS -l:libssp.a" fi fi @@ -1516,7 +1517,7 @@ if test x_$enable_fully_static = x_yes; then else LIBS="$LIBS -lgdi32" fi - LIBS="$LIBS -lz" + AC_CHECK_LIB([z], [compress], [ LIBS="$LIBS -lz" ]) LIBS="$LIBS -l:libssp.a" fi fi diff --git a/contrib/unbound/contrib/metrics.awk b/contrib/unbound/contrib/metrics.awk index 5a7a2569c29a..ca48c035aa0e 100644 --- a/contrib/unbound/contrib/metrics.awk +++ b/contrib/unbound/contrib/metrics.awk 
@@ -28,6 +28,7 @@ END { print "unbound_hits_queries{type=\"total.num.prefetch\"} " val["total.num.prefetch"]; print "unbound_hits_queries{type=\"num.query.tcp\"} " val["num.query.tcp"]; print "unbound_hits_queries{type=\"num.query.tcpout\"} " val["num.query.tcpout"]; + print "unbound_hits_queries{type=\"num.query.udpout\"} " val["num.query.udpout"]; print "unbound_hits_queries{type=\"num.query.tls\"} " val["num.query.tls"]; print "unbound_hits_queries{type=\"num.query.tls.resume\"} " val["num.query.tls.resume"]; print "unbound_hits_queries{type=\"num.query.ipv6\"} " val["num.query.ipv6"]; diff --git a/contrib/unbound/contrib/unbound_munin_ b/contrib/unbound/contrib/unbound_munin_ index 5037527580e2..a756a5d1ca20 100755 --- a/contrib/unbound/contrib/unbound_munin_ +++ b/contrib/unbound/contrib/unbound_munin_ @@ -253,6 +253,7 @@ if test "$1" = "config" ; then p_config "total.num.prefetch" "cache prefetch" "ABSOLUTE" p_config "num.query.tcp" "TCP queries" "ABSOLUTE" p_config "num.query.tcpout" "TCP out queries" "ABSOLUTE" + p_config "num.query.udpout" "UDP out queries" "ABSOLUTE" p_config "num.query.tls" "TLS queries" "ABSOLUTE" p_config "num.query.tls.resume" "TLS resumes" "ABSOLUTE" p_config "num.query.ipv6" "IPv6 queries" "ABSOLUTE" @@ -452,7 +453,7 @@ hits) for x in `grep "^thread[0-9][0-9]*\.num\.queries=" $state | sed -e 's/=.*//'` total.num.queries \ total.num.cachehits total.num.prefetch num.query.tcp \ - num.query.tcpout num.query.tls num.query.tls.resume \ + num.query.tcpout num.query.udpout num.query.tls num.query.tls.resume \ num.query.ipv6 unwanted.queries \ unwanted.replies; do if grep "^"$x"=" $state >/dev/null 2>&1; then diff --git a/contrib/unbound/daemon/daemon.c b/contrib/unbound/daemon/daemon.c index 0e3923b4e9f2..4ed531855ee6 100644 --- a/contrib/unbound/daemon/daemon.c +++ b/contrib/unbound/daemon/daemon.c 
@@ -795,7 +795,7 @@ daemon_delete(struct daemon* daemon) ub_c_lex_destroy(); /* libcrypto cleanup */ #ifdef HAVE_SSL -# if defined(USE_GOST) && defined(HAVE_LDNS_KEY_EVP_UNLOAD_GOST) +# if defined(USE_GOST) sldns_key_EVP_unload_gost(); # endif # if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS && HAVE_DECL_SK_SSL_COMP_POP_FREE diff --git a/contrib/unbound/daemon/remote.c b/contrib/unbound/daemon/remote.c index 675ef43970d1..ec7a4d5d93f4 100644 --- a/contrib/unbound/daemon/remote.c +++ b/contrib/unbound/daemon/remote.c @@ -988,6 +988,8 @@ print_ext(RES* ssl, struct ub_stats_info* s) (unsigned long)s->svr.qtcp)) return 0; if(!ssl_printf(ssl, "num.query.tcpout"SQ"%lu\n", (unsigned long)s->svr.qtcp_outgoing)) return 0; + if(!ssl_printf(ssl, "num.query.udpout"SQ"%lu\n", + (unsigned long)s->svr.qudp_outgoing)) return 0; if(!ssl_printf(ssl, "num.query.tls"SQ"%lu\n", (unsigned long)s->svr.qtls)) return 0; if(!ssl_printf(ssl, "num.query.tls.resume"SQ"%lu\n", diff --git a/contrib/unbound/daemon/stats.c b/contrib/unbound/daemon/stats.c index d08f18dbb137..57c42827161c 100644 --- a/contrib/unbound/daemon/stats.c +++ b/contrib/unbound/daemon/stats.c @@ -281,6 +281,7 @@ server_stats_compile(struct worker* worker, struct ub_stats_info* s, int reset) /* values from outside network */ s->svr.unwanted_replies = (long long)worker->back->unwanted_replies; s->svr.qtcp_outgoing = (long long)worker->back->num_tcp_outgoing; + s->svr.qudp_outgoing = (long long)worker->back->num_udp_outgoing; /* get and reset validator rrset bogus number */ s->svr.rrset_bogus = (long long)get_rrset_bogus(worker, reset); @@ -424,6 +425,7 @@ void server_stats_add(struct ub_stats_info* total, struct ub_stats_info* a) total->svr.qclass_big += a->svr.qclass_big; total->svr.qtcp += a->svr.qtcp; total->svr.qtcp_outgoing += a->svr.qtcp_outgoing; + total->svr.qudp_outgoing += a->svr.qudp_outgoing; total->svr.qtls += a->svr.qtls; total->svr.qtls_resume += a->svr.qtls_resume; total->svr.qhttps += a->svr.qhttps; 
diff --git a/contrib/unbound/daemon/worker.c b/contrib/unbound/daemon/worker.c index bf8c5d6b6763..27626ce938ca 100644 --- a/contrib/unbound/daemon/worker.c +++ b/contrib/unbound/daemon/worker.c @@ -1639,10 +1639,11 @@ lookup_cache: is_secure_answer = 0; h = query_info_hash(lookup_qinfo, sldns_buffer_read_u16_at(c->buffer, 2)); if((e=slabhash_lookup(worker->env.msg_cache, h, lookup_qinfo, 0))) { + struct reply_info* rep = (struct reply_info*)e->data; /* answer from cache - we have acquired a readlock on it */ - if(answer_from_cache(worker, &qinfo, - cinfo, &need_drop, &is_expired_answer, &is_secure_answer, - &alias_rrset, &partial_rep, (struct reply_info*)e->data, + if(answer_from_cache(worker, &qinfo, cinfo, &need_drop, + &is_expired_answer, &is_secure_answer, + &alias_rrset, &partial_rep, rep, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), sldns_buffer_read_u16_at(c->buffer, 2), repinfo, &edns)) { @@ -1650,15 +1651,13 @@ lookup_cache: * Note that if there is more than one pass * its qname must be that used for cache * lookup. */ - if((worker->env.cfg->prefetch && *worker->env.now >= - ((struct reply_info*)e->data)->prefetch_ttl) || - (worker->env.cfg->serve_expired && - *worker->env.now >= ((struct reply_info*)e->data)->ttl)) { - - time_t leeway = ((struct reply_info*)e-> - data)->ttl - *worker->env.now; - if(((struct reply_info*)e->data)->ttl - < *worker->env.now) + if((worker->env.cfg->prefetch && + *worker->env.now >= rep->prefetch_ttl) || + (worker->env.cfg->serve_expired && + *worker->env.now > rep->ttl)) { + + time_t leeway = rep->ttl - *worker->env.now; + if(rep->ttl < *worker->env.now) leeway = 0; lock_rw_unlock(&e->lock); @@ -2218,6 +2217,7 @@ void worker_stats_clear(struct worker* worker) mesh_stats_clear(worker->env.mesh); worker->back->unwanted_replies = 0; worker->back->num_tcp_outgoing = 0; + worker->back->num_udp_outgoing = 0; } void worker_start_accept(void* arg) 
diff --git a/contrib/unbound/doc/Changelog b/contrib/unbound/doc/Changelog index 8df5f367c4e1..d3573190e7e2 100644 --- a/contrib/unbound/doc/Changelog +++ b/contrib/unbound/doc/Changelog 
@@ -1,6 +1,84 @@ +4 July 2022: George + - Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for + one loop pass'. + - Merge PR #668 from Cristian Rodríguez: Set IP_BIND_ADDRESS_NO_PORT on + outbound tcp sockets. + +4 July 2022: Wouter + - Tag for 1.16.1rc1 release. + +3 July 2022: George + - Merge PR #671 from Petr Menšík: Disable ED25519 and ED448 in FIPS + mode on openssl3. + - Merge PR #660 from Petr Menšík: Sha1 runtime insecure. + - For #660: formatting, less verbose logging, add EDE information. + - Fix for correct openssl error when adding windows CA certificates to + the openssl trust store. + - Improve val_sigcrypt.c::algo_needs_missing for one loop pass. + - Reintroduce documentation and more EDE support for + val_sigcrypt.c::dnskeyset_verify_rrset_sig. + +1 July 2022: George + - Merge PR #706: NXNS fallback. + - From #706: Cached NXDOMAIN does not increase the target nx + responses. + - From #706: Don't generate parent side queries if we already + have the lame records in cache. + - From #706: When a lame address is the best choice, don't try to + generate target queries when the missing targets are all lame. + +29 June 2022: Wouter + - iana portlist update. + - Fix detection of libz on windows compile with static option. + - Fix compile warning for windows compile. + +29 June 2022: George + - Add debug option to the mini_tdir.sh test code. + - Fix #704: [FR] Statistics counter for number of outgoing UDP queries + sent; introduces 'num.query.udpout' to the 'unbound-control stats' + command. + - Fix to not count cached NXDOMAIN for MAX_TARGET_NX. + - Allow fallback to the parent side when MAX_TARGET_NX is reached. + This will also allow MAX_TARGET_NX more NXDOMAINs. + +28 June 2022: George + - Show the output of the exact .rpl run that failed with 'make test'. + - Fix for cached 0 TTL records to not trigger prefetching when + serve-expired-client-timeout is set. 
+ +28 June 2022: Wouter + - Fix test program dohclient close to use portability routine. + +23 June 2022: Tom + - Clarify -v flag manpage entry (#705) + +22 June 2022: Philip + - Fix #663: use after free issue with edns options. + +21 June 2022: Philip + - Fix for loading locally stored zones that have lines with blanks or + blanks and comments. + +20 June 2022: George + - Remove unused LDNS function check for GOST Engine unloading. + +14 June 2022: George + - Merge PR #688: Rpz url notify issue. + - Note in the unbound.conf text that NOTIFY is allowed from the url: + addresses for auth and rpz zones. + +3 June 2022: George + - Fix for edns client subnet to respect not looking in its cache when + instructed to do so (e.g., prefetch). + +3 June 2022: Wouter + - makedist.sh picks up 32bit libssp-0.dll when 32bit compile. + 27 May 2022: Wouter - Fix #684: [FTBS] configure script error with libmnl on openSUSE 15.3 (and possibly other distributions) - - Version is set to 1.16.0 for release. Release tag 1.16.0rc1. + - Version is set to 1.16.0 for release. Release tag 1.16.0rc1. This + became release 1.16.0 on 2 June 2022. The source code branch + continues with version 1.16.1 under development. 20 May 2022: Wouter - Fix to silence test for ede error output to the console from the diff --git a/contrib/unbound/doc/README b/contrib/unbound/doc/README index ea93afddcd5f..13992ac7f9ec 100644 --- a/contrib/unbound/doc/README +++ b/contrib/unbound/doc/README @@ -1,4 +1,4 @@ -README for Unbound 1.16.0 +README for Unbound 1.16.1 Copyright 2007 NLnet Labs http://unbound.net diff --git a/contrib/unbound/doc/example.conf.in b/contrib/unbound/doc/example.conf.in index 64adfe9e5e9c..b01d2c58dbfe 100644 --- a/contrib/unbound/doc/example.conf.in +++ b/contrib/unbound/doc/example.conf.in @@ -1,7 +1,7 @@ # # Example configuration file. # -# See unbound.conf(5) man page, version 1.16.0. +# See unbound.conf(5) man page, version 1.16.1. # # this is a comment. 
@@ -1045,8 +1045,8 @@ remote-control: # has a copy of the root for local usage. The second serves example.org # authoritatively. zonefile: reads from file (and writes to it if you also # download it), primary: fetches with AXFR and IXFR, or url to zonefile. -# With allow-notify: you can give additional (apart from primaries) sources of -# notifies. +# With allow-notify: you can give additional (apart from primaries and urls) +# sources of notifies. # auth-zone: # name: "." # primary: 199.9.14.201 # b.root-servers.net diff --git a/contrib/unbound/doc/libunbound.3.in b/contrib/unbound/doc/libunbound.3.in index b1be90ce0f0f..8049e3ae29d3 100644 --- a/contrib/unbound/doc/libunbound.3.in +++ b/contrib/unbound/doc/libunbound.3.in @@ -1,4 +1,4 @@ -.TH "libunbound" "3" "Jun 2, 2022" "NLnet Labs" "unbound 1.16.0" +.TH "libunbound" "3" "Jul 11, 2022" "NLnet Labs" "unbound 1.16.1" .\" .\" libunbound.3 -- unbound library functions manual .\" @@ -44,7 +44,7 @@ .B ub_ctx_zone_remove, .B ub_ctx_data_add, .B ub_ctx_data_remove -\- Unbound DNS validating resolver 1.16.0 functions. +\- Unbound DNS validating resolver 1.16.1 functions. .SH "SYNOPSIS" .B #include .LP diff --git a/contrib/unbound/doc/unbound-anchor.8.in b/contrib/unbound/doc/unbound-anchor.8.in index 4da37b1d5ff9..85b71fd30b8e 100644 --- a/contrib/unbound/doc/unbound-anchor.8.in +++ b/contrib/unbound/doc/unbound-anchor.8.in @@ -1,4 +1,4 @@ -.TH "unbound-anchor" "8" "Jun 2, 2022" "NLnet Labs" "unbound 1.16.0" +.TH "unbound-anchor" "8" "Jul 11, 2022" "NLnet Labs" "unbound 1.16.1" .\" .\" unbound-anchor.8 -- unbound anchor maintenance utility manual .\" diff --git a/contrib/unbound/doc/unbound-checkconf.8.in b/contrib/unbound/doc/unbound-checkconf.8.in index 4c607a231b9f..8133feeaa364 100644 --- a/contrib/unbound/doc/unbound-checkconf.8.in +++ b/contrib/unbound/doc/unbound-checkconf.8.in 
@@ -1,4 +1,4 @@ -.TH "unbound-checkconf" "8" "Jun 2, 2022" "NLnet Labs" "unbound 1.16.0" +.TH "unbound-checkconf" "8" "Jul 11, 2022" "NLnet Labs" "unbound 1.16.1" .\" .\" unbound-checkconf.8 -- unbound configuration checker manual .\" diff --git a/contrib/unbound/doc/unbound-control.8.in b/contrib/unbound/doc/unbound-control.8.in index 3ef1d659f58a..128101e2f887 100644 --- a/contrib/unbound/doc/unbound-control.8.in +++ b/contrib/unbound/doc/unbound-control.8.in @@ -1,4 +1,4 @@ -.TH "unbound-control" "8" "Jun 2, 2022" "NLnet Labs" "unbound 1.16.0" +.TH "unbound-control" "8" "Jul 11, 2022" "NLnet Labs" "unbound 1.16.1" .\" .\" unbound-control.8 -- unbound remote control manual .\" @@ -552,6 +552,10 @@ Number of queries that were made using TCP towards the Unbound server. Number of queries that the Unbound server made using TCP outgoing towards other servers. .TP +.I num.query.udpout +Number of queries that the Unbound server made using UDP outgoing towards +other servers. +.TP .I num.query.tls Number of queries that were made using TLS towards the Unbound server. These are also counted in num.query.tcp, because TLS uses TCP. diff --git a/contrib/unbound/doc/unbound-host.1.in b/contrib/unbound/doc/unbound-host.1.in index a30d1dfd216f..fb73e625df47 100644 --- a/contrib/unbound/doc/unbound-host.1.in +++ b/contrib/unbound/doc/unbound-host.1.in @@ -1,4 +1,4 @@ -.TH "unbound\-host" "1" "Jun 2, 2022" "NLnet Labs" "unbound 1.16.0" +.TH "unbound\-host" "1" "Jul 11, 2022" "NLnet Labs" "unbound 1.16.1" .\" .\" unbound-host.1 -- unbound DNS lookup utility .\" diff --git a/contrib/unbound/doc/unbound.8.in b/contrib/unbound/doc/unbound.8.in index e3492724c95d..bc768c6a151b 100644 --- a/contrib/unbound/doc/unbound.8.in +++ b/contrib/unbound/doc/unbound.8.in @@ -1,4 +1,4 @@ -.TH "unbound" "8" "Jun 2, 2022" "NLnet Labs" "unbound 1.16.0" +.TH "unbound" "8" "Jul 11, 2022" "NLnet Labs" "unbound 1.16.1" .\" .\" unbound.8 -- unbound manual .\" 
@@ -9,7 +9,7 @@ .\" .SH "NAME" .B unbound -\- Unbound DNS validating resolver 1.16.0. +\- Unbound DNS validating resolver 1.16.1. .SH "SYNOPSIS" .B unbound .RB [ \-h ] @@ -75,7 +75,7 @@ concurrently. .TP .B \-v Increase verbosity. If given multiple times, more information is logged. -This is in addition to the verbosity (if any) from the config file. +This is added to the verbosity (if any) from the config file. .TP .B \-V Show the version number and build options, and exit. diff --git a/contrib/unbound/doc/unbound.conf.5.in b/contrib/unbound/doc/unbound.conf.5.in index 3c891aa59e28..1157a2d1975f 100644 --- a/contrib/unbound/doc/unbound.conf.5.in +++ b/contrib/unbound/doc/unbound.conf.5.in @@ -1,4 +1,4 @@ -.TH "unbound.conf" "5" "Jun 2, 2022" "NLnet Labs" "unbound 1.16.0" +.TH "unbound.conf" "5" "Jul 11, 2022" "NLnet Labs" "unbound 1.16.1" .\" .\" unbound.conf.5 -- unbound.conf manual .\" @@ -2067,8 +2067,8 @@ With allow\-notify you can specify additional sources of notifies. When notified, the server attempts to first probe and then zone transfer. If the notify is from a primary, it first attempts that primary. Otherwise other primaries are attempted. If there are no primaries, but only urls, the -file is downloaded when notified. The primaries from primary: statements are -allowed notify by default. +file is downloaded when notified. The primaries from primary: and url: +statements are allowed notify by default. .TP .B fallback\-enabled: \fI Default no. If enabled, Unbound falls back to querying the internet as 
@@ -2682,8 +2682,8 @@ With allow\-notify you can specify additional sources of notifies. When notified, the server attempts to first probe and then zone transfer. If the notify is from a primary, it first attempts that primary. Otherwise other primaries are attempted. If there are no primaries, but only urls, the -file is downloaded when notified. The primaries from primary: statements are -allowed notify by default. +file is downloaded when notified. The primaries from primary: and url: +statements are allowed notify by default. .TP .B zonefile: \fI The filename where the zone is stored. If not given then no zonefile is used. diff --git a/contrib/unbound/edns-subnet/subnetmod.c b/contrib/unbound/edns-subnet/subnetmod.c index 25190b040d45..75446113b742 100644 --- a/contrib/unbound/edns-subnet/subnetmod.c +++ b/contrib/unbound/edns-subnet/subnetmod.c @@ -93,13 +93,14 @@ subnet_new_qstate(struct module_qstate *qstate, int id) qstate->minfo[id] = sq; memset(sq, 0, sizeof(*sq)); sq->started_no_cache_store = qstate->no_cache_store; + sq->started_no_cache_lookup = qstate->no_cache_lookup; return 1; } /** Add ecs struct to edns list, after parsing it to wire format. */ void subnet_ecs_opt_list_append(struct ecs_data* ecs, struct edns_option** list, - struct module_qstate *qstate) + struct module_qstate *qstate, struct regional *region) { size_t sn_octs, sn_octs_remainder; sldns_buffer* buf = qstate->env->scratch_buffer; @@ -131,7 +132,7 @@ subnet_ecs_opt_list_append(struct ecs_data* ecs, struct edns_option** list, edns_opt_list_append(list, qstate->env->cfg->client_subnet_opcode, sn_octs + sn_octs_remainder + 4, - sldns_buffer_begin(buf), qstate->region); + sldns_buffer_begin(buf), region); } } 
@@ -139,7 +140,7 @@ int ecs_whitelist_check(struct query_info* qinfo, uint16_t ATTR_UNUSED(flags), struct module_qstate* qstate, struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* ATTR_UNUSED(zone), size_t ATTR_UNUSED(zonelen), - struct regional* ATTR_UNUSED(region), int id, void* ATTR_UNUSED(cbargs)) + struct regional *region, int id, void* ATTR_UNUSED(cbargs)) { struct subnet_qstate *sq; struct subnet_env *sn_env; @@ -165,7 +166,7 @@ int ecs_whitelist_check(struct query_info* qinfo, if(!edns_opt_list_find(qstate->edns_opts_back_out, qstate->env->cfg->client_subnet_opcode)) { subnet_ecs_opt_list_append(&sq->ecs_server_out, - &qstate->edns_opts_back_out, qstate); + &qstate->edns_opts_back_out, qstate, region); } sq->subnet_sent = 1; } @@ -331,9 +332,11 @@ update_cache(struct module_qstate *qstate, int id) struct ecs_data *edns = &sq->ecs_client_in; size_t i; - /* We already calculated hash upon lookup */ - hashvalue_type h = qstate->minfo[id] ? - ((struct subnet_qstate*)qstate->minfo[id])->qinfo_hash : + /* We already calculated hash upon lookup (lookup_and_reply) if we were + * allowed to look in the ECS cache */ + hashvalue_type h = qstate->minfo[id] && + ((struct subnet_qstate*)qstate->minfo[id])->qinfo_hash_calculated? + ((struct subnet_qstate*)qstate->minfo[id])->qinfo_hash : query_info_hash(&qstate->qinfo, qstate->query_flags); /* Step 1, general qinfo lookup */ struct lruhash_entry *lru_entry = slabhash_lookup(subnet_msg_cache, h, @@ -416,7 +419,10 @@ lookup_and_reply(struct module_qstate *qstate, int id, struct subnet_qstate *sq) memset(&sq->ecs_client_out, 0, sizeof(sq->ecs_client_out)); - if (sq) sq->qinfo_hash = h; /* Might be useful on cache miss */ + if (sq) { + sq->qinfo_hash = h; /* Might be useful on cache miss */ + sq->qinfo_hash_calculated = 1; + } e = slabhash_lookup(sne->subnet_msg_cache, h, &qstate->qinfo, 1); if (!e) return 0; /* qinfo not in cache */ data = e->data; 
@@ -758,18 +764,21 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event, return; } - lock_rw_wrlock(&sne->biglock); - if (lookup_and_reply(qstate, id, sq)) { - sne->num_msg_cache++; - lock_rw_unlock(&sne->biglock); - verbose(VERB_QUERY, "subnetcache: answered from cache"); - qstate->ext_state[id] = module_finished; + if(!sq->started_no_cache_lookup && !qstate->blacklist) { + lock_rw_wrlock(&sne->biglock); + if(lookup_and_reply(qstate, id, sq)) { + sne->num_msg_cache++; + lock_rw_unlock(&sne->biglock); + verbose(VERB_QUERY, "subnetcache: answered from cache"); + qstate->ext_state[id] = module_finished; - subnet_ecs_opt_list_append(&sq->ecs_client_out, - &qstate->edns_opts_front_out, qstate); - return; + subnet_ecs_opt_list_append(&sq->ecs_client_out, + &qstate->edns_opts_front_out, qstate, + qstate->region); + return; + } + lock_rw_unlock(&sne->biglock); } - lock_rw_unlock(&sne->biglock); sq->ecs_server_out.subnet_addr_fam = sq->ecs_client_in.subnet_addr_fam; *** 14045 LINES SKIPPED ***
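Review bot: in both unbound.conf.5.in hunks (@@ -2067 and @@ -2682) the new sentence "The primaries from primary: and url: statements are allowed notify by default" calls url: entries primaries and does not say which addresses are accepted when a url: names a host. The Changelog entry for 14 June and the example.conf.in hunk treat urls as a separate source ("apart from primaries and urls"), so the man page should match, for example: "Notifies from the addresses in primary: and url: statements are allowed by default." Because this widens the set of hosts that can trigger a probe or download, the text should state how the url: addresses are obtained.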
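Review bot: in subnetmod.c hunk @@ -93,13, the doc comment above subnet_ecs_opt_list_append() still reads only "Add ecs struct to edns list, after parsing it to wire format." and says nothing about the new region parameter. The option is now allocated from a caller-supplied region instead of qstate->region, so the comment should state which region is expected for a given list. The callers visible in this diff pass the callback's region for edns_opts_back_out and qstate->region for edns_opts_front_out; a later caller that picks the wrong one gets an option whose lifetime differs from the list that holds it.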
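Review bot: in update_cache() (hunk @@ -331,9), the new initializer for h casts qstate->minfo[id] three times and is missing the space before "?" in "qinfo_hash_calculated?". The context line just above already takes &sq->ecs_client_in; if sq is that same minfo pointer (its declaration is outside the hunk), the NULL test on qstate->minfo[id] comes after the pointer has been used and the expression can be written as "sq->qinfo_hash_calculated ? sq->qinfo_hash : query_info_hash(&qstate->qinfo, qstate->query_flags)". If sq can differ from minfo[id] here, a comment saying so would help.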
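Review bot: in lookup_and_reply() (hunk @@ -416,7), the new "if (sq) { ... }" block follows the context line "memset(&sq->ecs_client_out, 0, sizeof(sq->ecs_client_out));", which already writes through sq, so the NULL test protects nothing. Either move the guard ahead of the memset or drop it and set qinfo_hash and qinfo_hash_calculated unconditionally. As written, the check suggests sq may be NULL at a point where that would already have crashed.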
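Review bot: in subnetmod_operate() (hunk @@ -758,18), the new guard "if(!sq->started_no_cache_lookup && !qstate->blacklist)" has no comment, and the Changelog entry for 3 June only describes the no-cache-lookup case (e.g., prefetch). Add a line explaining why a set qstate->blacklist must also bypass the ECS cache. Note too that started_no_cache_lookup is a snapshot taken in subnet_new_qstate() while blacklist is read live at this point; if that difference is intentional, say so in the comment.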